Vulnerabilities > Mediawiki > Mediawiki > 1.18.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-06-02 | CVE-2012-5395 | Session Fixation vulnerability in MediaWiki CentralAuth Extension Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. network mediawiki | 6.8 |
| 2014-06-02 | CVE-2012-5391 | Session Fixation vulnerability in MediaWiki Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. network mediawiki | 6.8 |
| 2014-05-12 | CVE-2014-3455 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors. | 6.8 |
| 2014-05-12 | CVE-2014-3454 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors. | 6.8 |
| 2014-05-12 | CVE-2013-6472 | Information Exposure vulnerability in Mediawiki MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | 5.0 |
| 2014-05-12 | CVE-2013-6454 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. | 4.3 |
| 2014-05-12 | CVE-2013-6453 | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. | 7.5 |
| 2014-05-12 | CVE-2013-6452 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. | 4.3 |
| 2014-05-12 | CVE-2013-4574 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. | 4.3 |
| 2014-05-12 | CVE-2013-4571 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mediawiki Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. | 7.5 |